Networking

Authentication

Before users can log on to any system, their identities must be verified. By far the most common type of authentication used is the standard username and password combination. When a user account is created, it is good practice for the administrator to set a password. The user should change that password immediately so that the administrator no longer knows it.

Most user password problems can be traced to users entering an incorrect password or entering the correct password incorrectly. All common operating systems offer the ability for the administrator to change a user's password, but none offer the capability to determine the user's existing password. Therefore, if a user does forget his or her password, a new one has to be created and issued.

Permissions Errors

Access to applications and data across the network is controlled by permissions. Permissions are responsible for protecting the data on the network and ensuring that only those who should have access to it do.

The first rule of permissions troubleshooting is to remember that permissions do not change themselves. If a user cannot access a file, the first question to the user should always be, "Could you ever access the file?" If the user says, "Yes, but now I can't access the file," you should check server change logs or documentation to see if any changes have been made in the permissions structure.

If no changes have been made, you should verify that the user is in fact allowed access to that file or directory. In large environments, trying to keep track of who should have access to what can be a tricky businessone that is best left to defined policies and documentation.

The following are some other items you should consider when troubleshooting permissions problems:

  • On some operating systems, rights and permissions can be inherited from parent directories or other directories that are higher in the directory structure. A change in the permissions assignments at one level might have an effect on a lower level in the directory tree.

  • File permissions can be gained from objects other than the user's account. Depending on the operating system being used, rights can also be gained from group membership, other network objects, or security equivalence. When you are troubleshooting a permissions problem, be sure that you understand where rights are supposed to originate.

  • File attributes can override file permissions, and they can prevent actions from being performed on certain files. To the uninitiated, this might seem like a file permissions problem, but in fact it is correct operation.

As with many other IT troubleshooting scenarios, you can solve most permissions problems effectively if you fully understand what you are troubleshooting and the factors that affect the situation. Also in common with other troubleshooting scenarios, you need to approach the problem methodically.